On-demand scan exclusions for SBS 2003

I am curious as to why nobody is discussing file and folder exclusions for on-demand scans. The Microsoft Knowledge base clearly states that certain exclusions MUST be made from both real-time AND on-demand (or scheduled) scans.

I have been unable to learn how to create exclusions for scheduled scans, so I am faced with the following decision:

1. Scan all files (OK, all files in the Extension list) and hope for the best. There must be some extensions that should be scanned in general (like .exe, for example) but should maybe be excluded in certain folders.

OR

2. Don't scan the SBS server - just depend on the real-time protection. I have seen situations where real-time has missed something that a scan subsequently found and cleaned, so I don't like this option either.

I can't believe that anyone would make an AV product without the ability to exclude folders from a scan. I am hoping someone can give me their views on this, and tell me what you're doing with NOD32 V 2.7 on your SBS servers.

I can't believe that anyone would make an AV product without the ability to exclude folders from a scan.

Click to expand...

I can't believe it , too . May be that is why ESET have had such an option since I remember myself ... Available in v 2.5 , 2.7 and now 3.0

I am curious as to why nobody is discussing file and folder exclusions for on-demand scans.

Click to expand...

They are going to be discussed when there is a problem with them .
The Microsoft Knowledge base clearly states that certain exclusions MUST be made from both real-time AND on-demand (or scheduled) scans.

1. Scan all files (OK, all files in the Extension list) and hope for the best. There must be some extensions that should be scanned in general (like .exe, for example) but should maybe be excluded in certain folders.

OR

2. Don't scan the SBS server - just depend on the real-time protection. I have seen situations where real-time has missed something that a scan subsequently found and cleaned, so I don't like this option either.

Click to expand...

In NOD32 Antivirus system , version 2.70 , real time protection exclusions are AMON exclusions . Enter the AMON module , "Exclusions" tab. You can also change the scanned extensions.

For on-demand scans , you must edit the on-demand scanning profile you use . When the on-demand scanner NOD32.EXE is opened , goto "Setup" tab and press the Extensions button.

For scheduled on-demand scan , you can create a second profile and while setting-up the scheduled task , you shall chooce that specific profile with its specific options

Thanks for your reply - your coments are true, but confirms that the product is lacking.

Allowing exclusions for on-demand or scheduled scans solely by extension is dangerous. For example, what if I wanted to exclude all of the .exe files in a certain, known-good folder? In NOD32 V 2.7, the only way to do that (for on-demand scanning) is to exclude ALL .exe files, which of course is dangerous.

It doesn't make sense to me that ESET would have ever designed a product like this. While I am in general very pleased with NOD32, this issue has me feeling a bit shaken in my confidence in the company. Also, my inability to get any useful help from ESET themselves isn't making me feel all warm and fuzzy either...

For example, what if I wanted to exclude all of the .exe files in a certain, known-good folder? In NOD32 V 2.7, the only way to do that (for on-demand scanning) is to exclude ALL .exe files, which of course is dangerous

Click to expand...

No , in NOD32 v2 the only option is not to scan the whole folder (similar to excluding not just exe files file ALL kind of file in a specific folder)

No , in NOD32 v2 the only option is not to scan the whole folder (similar to excluding not just exe files file ALL kind of file in a specific folder)

Click to expand...

I have been looking for a way to exclude a whole folder from an on-demand scan for two days. I'd say you're mistaken when you say it's possible - are you sure you're not thinking about real-time scans?

I am not wrong . The way to achieve what you want (in NOD32 v2.7) is :
1. You will either edit a scanning profile or create a new one
2. Open the on-demand scanner so that you goto "Scanning targets" tab

In this tab you enter what to be scanning . If there is a folder or even a whole drive missing , it WILL NOT be scanned - which means excluded
You can enter all the folders you want scanned .

Later , in the Scheduler , you will create a new task (on-demand scan) and at the edn you'll point your specific on-demand scanning profile.

I understand this way is a little bit "limited" , however it will work in most cases .Let us also not forget that v2 is an outdated version , v3 is better in this way.

Wow, that's aroundabout way of doing something rather elementary! I'm still not 100% clear on one thing:

While I see the options that can be saved in a profile, can the folder selections also be saved for re-use at regularly scheduled times, or do I have to manually select hndreds of folders every time I want to scan the server?

The scheduler allows you to choose a profile, but not folders.

Or am I missing something?

Thanks a lot for your input - I really appreciate that you are trying to help when ESET (and my distributor) are not all that interested in my questions.